3 class UsersControllerTest < ActionDispatch::IntegrationTest
5 # test all routes which lead to this controller
8 { :path => "/user/new", :method => :get },
9 { :controller => "users", :action => "new" }
13 { :path => "/user/new", :method => :post },
14 { :controller => "users", :action => "create" }
18 { :path => "/user/terms", :method => :get },
19 { :controller => "users", :action => "terms" }
23 { :path => "/user/save", :method => :post },
24 { :controller => "users", :action => "save" }
28 { :path => "/user/go_public", :method => :post },
29 { :controller => "users", :action => "go_public" }
33 { :path => "/user/suspended", :method => :get },
34 { :controller => "users", :action => "suspended" }
38 { :path => "/user/username", :method => :get },
39 { :controller => "users", :action => "show", :display_name => "username" }
43 { :path => "/user/username/account", :method => :get },
44 { :controller => "users", :action => "account", :display_name => "username" }
47 { :path => "/user/username/account", :method => :post },
48 { :controller => "users", :action => "account", :display_name => "username" }
52 { :path => "/user/username/set_status", :method => :post },
53 { :controller => "users", :action => "set_status", :display_name => "username" }
56 { :path => "/user/username", :method => :delete },
57 { :controller => "users", :action => "destroy", :display_name => "username" }
61 { :path => "/users", :method => :get },
62 { :controller => "users", :action => "index" }
65 { :path => "/users", :method => :post },
66 { :controller => "users", :action => "index" }
69 { :path => "/users/status", :method => :get },
70 { :controller => "users", :action => "index", :status => "status" }
73 { :path => "/users/status", :method => :post },
74 { :controller => "users", :action => "index", :status => "status" }
78 # The user creation page loads
81 assert_response :redirect
82 assert_redirected_to user_new_path(:cookie_test => "true")
84 get user_new_path, :params => { :cookie_test => "true" }
85 assert_response :success
87 assert_select "html", :count => 1 do
88 assert_select "head", :count => 1 do
89 assert_select "title", :text => /Sign Up/, :count => 1
91 assert_select "body", :count => 1 do
92 assert_select "div#content", :count => 1 do
93 assert_select "form[action='/user/new'][method='post']", :count => 1 do
94 assert_select "input[id='user_email']", :count => 1
95 assert_select "input[id='user_email_confirmation']", :count => 1
96 assert_select "input[id='user_display_name']", :count => 1
97 assert_select "input[id='user_pass_crypt'][type='password']", :count => 1
98 assert_select "input[id='user_pass_crypt_confirmation'][type='password']", :count => 1
99 assert_select "input[type='submit'][value='Sign Up']", :count => 1
106 def test_new_view_logged_in
107 session_for(create(:user))
110 assert_response :redirect
111 assert_redirected_to root_path
113 get user_new_path, :params => { :referer => "/test" }
114 assert_response :redirect
115 assert_redirected_to "/test"
119 user = build(:user, :pending)
121 assert_no_difference "User.count" do
122 assert_no_difference "ActionMailer::Base.deliveries.size" do
123 perform_enqueued_jobs do
124 post user_new_path, :params => { :user => user.attributes }
129 assert_difference "User.count", 1 do
130 assert_difference "ActionMailer::Base.deliveries.size", 1 do
131 perform_enqueued_jobs do
132 post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
138 register_email = ActionMailer::Base.deliveries.first
140 assert_equal register_email.to[0], user.email
141 assert_match(/#{@url}/, register_email.body.to_s)
144 assert_redirected_to :controller => :confirmations, :action => :confirm, :display_name => user.display_name
146 ActionMailer::Base.deliveries.clear
149 def test_new_duplicate_email
150 user = build(:user, :pending)
151 create(:user, :email => user.email)
153 assert_no_difference "User.count" do
154 assert_no_difference "ActionMailer::Base.deliveries.size" do
155 perform_enqueued_jobs do
156 post user_new_path, :params => { :user => user.attributes }
161 assert_response :success
162 assert_template "new"
163 assert_select "form > div.form-group > input.is-invalid#user_email"
166 def test_save_duplicate_email
167 user = build(:user, :pending)
169 # Set up our user as being half-way through registration
170 assert_no_difference "User.count" do
171 assert_no_difference "ActionMailer::Base.deliveries.size" do
172 perform_enqueued_jobs do
173 post user_new_path, :params => { :user => user.attributes }
178 # Now create another user with that email
179 create(:user, :email => user.email)
181 # Check that the second half of registration fails
182 assert_no_difference "User.count" do
183 assert_no_difference "ActionMailer::Base.deliveries.size" do
184 perform_enqueued_jobs do
185 post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
190 assert_response :success
191 assert_template "new"
192 assert_select "form > div.form-group > input.is-invalid#user_email"
195 def test_save_duplicate_email_uppercase
196 user = build(:user, :pending)
198 # Set up our user as being half-way through registration
199 assert_no_difference "User.count" do
200 assert_no_difference "ActionMailer::Base.deliveries.size" do
201 perform_enqueued_jobs do
202 post user_new_path, :params => { :user => user.attributes }
207 # Now create another user with that email, but uppercased
208 create(:user, :email => user.email.upcase)
210 # Check that the second half of registration fails
211 assert_no_difference "User.count" do
212 assert_no_difference "ActionMailer::Base.deliveries.size" do
213 perform_enqueued_jobs do
214 post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
219 assert_response :success
220 assert_template "new"
221 assert_select "form > div.form-group > input.is-invalid#user_email"
224 def test_save_duplicate_name
225 user = build(:user, :pending)
227 # Set up our user as being half-way through registration
228 assert_no_difference "User.count" do
229 assert_no_difference "ActionMailer::Base.deliveries.size" do
230 perform_enqueued_jobs do
231 post user_new_path, :params => { :user => user.attributes }
236 # Now create another user with that display name
237 create(:user, :display_name => user.display_name)
239 # Check that the second half of registration fails
240 assert_no_difference "User.count" do
241 assert_no_difference "ActionMailer::Base.deliveries.size" do
242 perform_enqueued_jobs do
243 post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
248 assert_response :success
249 assert_template "new"
250 assert_select "form > div.form-group > input.is-invalid#user_display_name"
253 def test_save_duplicate_name_uppercase
254 user = build(:user, :pending)
256 # Set up our user as being half-way through registration
257 assert_no_difference "User.count" do
258 assert_no_difference "ActionMailer::Base.deliveries.size" do
259 perform_enqueued_jobs do
260 post user_new_path, :params => { :user => user.attributes }
265 # Now create another user with that display_name, but uppercased
266 create(:user, :display_name => user.display_name.upcase)
268 # Check that the second half of registration fails
269 assert_no_difference "User.count" do
270 assert_no_difference "ActionMailer::Base.deliveries.size" do
271 perform_enqueued_jobs do
272 post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
277 assert_response :success
278 assert_template "new"
279 assert_select "form > div.form-group > input.is-invalid#user_display_name"
282 def test_save_blocked_domain
283 user = build(:user, :pending, :email => "user@example.net")
285 # Set up our user as being half-way through registration
286 assert_no_difference "User.count" do
287 assert_no_difference "ActionMailer::Base.deliveries.size" do
288 perform_enqueued_jobs do
289 post user_new_path, :params => { :user => user.attributes }
294 # Now block that domain
295 create(:acl, :domain => "example.net", :k => "no_account_creation")
297 # Check that the second half of registration fails
298 assert_no_difference "User.count" do
299 assert_no_difference "ActionMailer::Base.deliveries.size" do
300 perform_enqueued_jobs do
301 post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
306 assert_response :success
307 assert_template "blocked"
310 def test_save_referer_params
311 user = build(:user, :pending)
313 # Set up our user as being half-way through registration
314 assert_no_difference "User.count" do
315 assert_no_difference "ActionMailer::Base.deliveries.size" do
316 perform_enqueued_jobs do
317 post user_new_path, :params => { :user => user.attributes, :referer => "/edit?editor=id#map=1/2/3" }
322 assert_difference "User.count", 1 do
323 assert_difference "ActionMailer::Base.deliveries.size", 1 do
324 perform_enqueued_jobs do
325 post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
330 assert_equal welcome_path(:editor => "id", :zoom => 1, :lat => 2, :lon => 3),
331 User.find_by(:email => user.email).tokens.order("id DESC").first.referer
333 ActionMailer::Base.deliveries.clear
336 def test_terms_new_user
337 user = build(:user, :pending)
339 # Set up our user as being half-way through registration
340 assert_no_difference "User.count" do
341 assert_no_difference "ActionMailer::Base.deliveries.size" do
342 perform_enqueued_jobs do
343 post user_new_path, :params => { :user => user.attributes }
350 assert_response :success
351 assert_template :terms
354 def test_terms_agreed
355 user = create(:user, :terms_seen => true, :terms_agreed => Date.yesterday)
360 assert_response :redirect
361 assert_redirected_to :action => :account, :display_name => user.display_name
364 def test_terms_not_seen_without_referer
365 user = create(:user, :terms_seen => false, :terms_agreed => nil)
370 assert_response :success
371 assert_template :terms
373 post user_save_path, :params => { :user => { :consider_pd => true }, :read_ct => 1, :read_tou => 1 }
374 assert_response :redirect
375 assert_redirected_to :action => :account, :display_name => user.display_name
376 assert_equal "Thanks for accepting the new contributor terms!", flash[:notice]
380 assert user.consider_pd
381 assert_not_nil user.terms_agreed
382 assert user.terms_seen
385 def test_terms_not_seen_with_referer
386 user = create(:user, :terms_seen => false, :terms_agreed => nil)
390 get user_terms_path, :params => { :referer => "/test" }
391 assert_response :success
392 assert_template :terms
394 post user_save_path, :params => { :user => { :consider_pd => true }, :referer => "/test", :read_ct => 1, :read_tou => 1 }
395 assert_response :redirect
396 assert_redirected_to "/test"
397 assert_equal "Thanks for accepting the new contributor terms!", flash[:notice]
401 assert user.consider_pd
402 assert_not_nil user.terms_agreed
403 assert user.terms_seen
406 # Check that if you haven't seen the terms, and make a request that requires authentication,
407 # that your request is redirected to view the terms
408 def test_terms_not_seen_redirection
409 user = create(:user, :terms_seen => false, :terms_agreed => nil)
412 get user_account_path(user)
413 assert_response :redirect
414 assert_redirected_to :action => :terms, :referer => "/user/#{ERB::Util.u(user.display_name)}/account"
418 user = create(:user, :data_public => false)
421 post user_go_public_path
423 assert_response :redirect
424 assert_redirected_to :action => :account, :display_name => user.display_name
425 assert User.find(user.id).data_public
429 # Get a user to work with - note that this user deliberately
430 # conflicts with uppercase_user in the email and display name
431 # fields to test that we can change other fields without any
432 # validation errors being reported
433 user = create(:user, :languages => [])
434 _uppercase_user = build(:user, :email => user.email.upcase, :display_name => user.display_name.upcase).tap { |u| u.save(:validate => false) }
436 # Make sure that you are redirected to the login page when
437 # you are not logged in
438 get user_account_path(user)
439 assert_response :redirect
440 assert_redirected_to login_path(:referer => "/user/#{ERB::Util.u(user.display_name)}/account")
442 # Make sure that you are blocked when not logged in as the right user
443 session_for(create(:user))
444 get user_account_path(user)
445 assert_response :forbidden
447 # Make sure we get the page when we are logged in as the right user
449 get user_account_path(user)
450 assert_response :success
451 assert_template :account
452 assert_select "form#accountForm" do |form|
453 assert_equal "post", form.attr("method").to_s
454 assert_select "input[name='_method']", false
455 assert_equal "/user/#{ERB::Util.u(user.display_name)}/account", form.attr("action").to_s
458 # Updating the description using GET should fail
459 user.description = "new description"
460 user.preferred_editor = "default"
461 get user_account_path(user), :params => { :user => user.attributes }
462 assert_response :success
463 assert_template :account
464 assert_not_equal user.description, User.find(user.id).description
466 # Updating the description should work
467 user.description = "new description"
468 user.preferred_editor = "default"
469 post user_account_path(user), :params => { :user => user.attributes }
470 assert_response :redirect
471 assert_redirected_to user_account_url(user)
472 get user_account_path(user)
473 assert_response :success
474 assert_template :account
475 assert_select ".notice", /^User information updated successfully/
476 assert_select "form#accountForm > div.form-group > div#user_description_container > div#user_description_content > textarea#user_description", user.description
478 # Changing to an uploaded image should work
479 image = Rack::Test::UploadedFile.new("test/gpx/fixtures/a.gif", "image/gif")
480 post user_account_path(user), :params => { :avatar_action => "new", :user => user.attributes.merge(:avatar => image) }
481 assert_response :redirect
482 assert_redirected_to user_account_url(user)
483 get user_account_path(user)
484 assert_response :success
485 assert_template :account
486 assert_select ".notice", /^User information updated successfully/
487 assert_select "form#accountForm > fieldset.form-group > div.form-row > div.col-sm-10 > div.form-check > input[name=avatar_action][checked][value=?]", "keep"
489 # Changing to a gravatar image should work
490 post user_account_path(user), :params => { :avatar_action => "gravatar", :user => user.attributes }
491 assert_response :redirect
492 assert_redirected_to user_account_url(user)
493 get user_account_path(user)
494 assert_response :success
495 assert_template :account
496 assert_select ".notice", /^User information updated successfully/
497 assert_select "form#accountForm > fieldset.form-group > div.form-row > div.col-sm-10 > div.form-group > div.form-check > input[name=avatar_action][checked][value=?]", "gravatar"
499 # Removing the image should work
500 post user_account_path(user), :params => { :avatar_action => "delete", :user => user.attributes }
501 assert_response :redirect
502 assert_redirected_to user_account_url(user)
503 get user_account_path(user)
504 assert_response :success
505 assert_template :account
506 assert_select ".notice", /^User information updated successfully/
507 assert_select "form#accountForm > fieldset.form-group > div.form-row > div.col-sm-10 > div.form-check > input[name=avatar_action][checked]", false
508 assert_select "form#accountForm > fieldset.form-group > div.form-row > div.col-sm-10 > div.form-group > div.form-check > input[name=avatar_action][checked]", false
510 # Adding external authentication should redirect to the auth provider
511 post user_account_path(user), :params => { :user => user.attributes.merge(:auth_provider => "openid", :auth_uid => "gmail.com") }
512 assert_response :redirect
513 assert_redirected_to auth_path(:provider => "openid", :openid_url => "https://www.google.com/accounts/o8/id", :origin => "/user/#{ERB::Util.u(user.display_name)}/account")
515 # Changing name to one that exists should fail
516 new_attributes = user.attributes.dup.merge(:display_name => create(:user).display_name)
517 post user_account_path(user), :params => { :user => new_attributes }
518 assert_response :success
519 assert_template :account
520 assert_select ".notice", false
521 assert_select "form#accountForm > div.form-group > input.is-invalid#user_display_name"
523 # Changing name to one that exists should fail, regardless of case
524 new_attributes = user.attributes.dup.merge(:display_name => create(:user).display_name.upcase)
525 post user_account_path(user), :params => { :user => new_attributes }
526 assert_response :success
527 assert_template :account
528 assert_select ".notice", false
529 assert_select "form#accountForm > div.form-group > input.is-invalid#user_display_name"
531 # Changing name to one that doesn't exist should work
532 new_attributes = user.attributes.dup.merge(:display_name => "new tester")
533 post user_account_path(user), :params => { :user => new_attributes }
534 assert_response :redirect
535 assert_redirected_to user_account_url(:display_name => "new tester")
536 get user_account_path(:display_name => "new tester")
537 assert_response :success
538 assert_template :account
539 assert_select ".notice", /^User information updated successfully/
540 assert_select "form#accountForm > div.form-group > input#user_display_name[value=?]", "new tester"
542 # Record the change of name
543 user.display_name = "new tester"
545 # Changing email to one that exists should fail
546 user.new_email = create(:user).email
547 assert_no_difference "ActionMailer::Base.deliveries.size" do
548 perform_enqueued_jobs do
549 post user_account_path(user), :params => { :user => user.attributes }
552 assert_response :success
553 assert_template :account
554 assert_select ".notice", false
555 assert_select "form#accountForm > div.form-group > input.is-invalid#user_new_email"
557 # Changing email to one that exists should fail, regardless of case
558 user.new_email = create(:user).email.upcase
559 assert_no_difference "ActionMailer::Base.deliveries.size" do
560 perform_enqueued_jobs do
561 post user_account_path(user), :params => { :user => user.attributes }
564 assert_response :success
565 assert_template :account
566 assert_select ".notice", false
567 assert_select "form#accountForm > div.form-group > input.is-invalid#user_new_email"
569 # Changing email to one that doesn't exist should work
570 user.new_email = "new_tester@example.com"
571 assert_difference "ActionMailer::Base.deliveries.size", 1 do
572 perform_enqueued_jobs do
573 post user_account_path(user), :params => { :user => user.attributes }
576 assert_response :redirect
577 assert_redirected_to user_account_url(user)
578 get user_account_path(user)
579 assert_response :success
580 assert_template :account
581 assert_select ".notice", /^User information updated successfully/
582 assert_select "form#accountForm > div.form-group > input#user_new_email[value=?]", user.new_email
583 email = ActionMailer::Base.deliveries.first
584 assert_equal 1, email.to.count
585 assert_equal user.new_email, email.to.first
586 ActionMailer::Base.deliveries.clear
589 # Check that the user account page will display and contains some relevant
590 # information for the user
592 # Test a non-existent user
593 get user_path(:display_name => "unknown")
594 assert_response :not_found
597 user = create(:user, :home_lon => 1.1, :home_lat => 1.1)
598 friend_user = create(:user, :home_lon => 1.2, :home_lat => 1.2)
599 create(:friendship, :befriender => user, :befriendee => friend_user)
600 create(:changeset, :user => friend_user)
603 assert_response :success
604 assert_select "div#userinformation" do
605 assert_select "a[href^='/user/#{ERB::Util.u(user.display_name)}/history']", 1
606 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/traces']", 1
607 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/diary']", 1
608 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/diary/comments']", 1
609 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/account']", 0
610 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/blocks']", 0
611 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/blocks_by']", 0
612 assert_select "a[href='/blocks/new/#{ERB::Util.u(user.display_name)}']", 0
615 # Friends shouldn't be visible as we're not logged in
616 assert_select "div#friends-container", :count => 0
618 # Test a user who has been blocked
619 blocked_user = create(:user)
620 create(:user_block, :user => blocked_user)
621 get user_path(blocked_user)
622 assert_response :success
623 assert_select "div#userinformation" do
624 assert_select "a[href^='/user/#{ERB::Util.u(blocked_user.display_name)}/history']", 1
625 assert_select "a[href='/user/#{ERB::Util.u(blocked_user.display_name)}/traces']", 1
626 assert_select "a[href='/user/#{ERB::Util.u(blocked_user.display_name)}/diary']", 1
627 assert_select "a[href='/user/#{ERB::Util.u(blocked_user.display_name)}/diary/comments']", 1
628 assert_select "a[href='/user/#{ERB::Util.u(blocked_user.display_name)}/account']", 0
629 assert_select "a[href='/user/#{ERB::Util.u(blocked_user.display_name)}/blocks']", 1
630 assert_select "a[href='/user/#{ERB::Util.u(blocked_user.display_name)}/blocks_by']", 0
631 assert_select "a[href='/blocks/new/#{ERB::Util.u(blocked_user.display_name)}']", 0
634 # Test a moderator who has applied blocks
635 moderator_user = create(:moderator_user)
636 create(:user_block, :creator => moderator_user)
637 get user_path(moderator_user)
638 assert_response :success
639 assert_select "div#userinformation" do
640 assert_select "a[href^='/user/#{ERB::Util.u(moderator_user.display_name)}/history']", 1
641 assert_select "a[href='/user/#{ERB::Util.u(moderator_user.display_name)}/traces']", 1
642 assert_select "a[href='/user/#{ERB::Util.u(moderator_user.display_name)}/diary']", 1
643 assert_select "a[href='/user/#{ERB::Util.u(moderator_user.display_name)}/diary/comments']", 1
644 assert_select "a[href='/user/#{ERB::Util.u(moderator_user.display_name)}/account']", 0
645 assert_select "a[href='/user/#{ERB::Util.u(moderator_user.display_name)}/blocks']", 0
646 assert_select "a[href='/user/#{ERB::Util.u(moderator_user.display_name)}/blocks_by']", 1
647 assert_select "a[href='/blocks/new/#{ERB::Util.u(moderator_user.display_name)}']", 0
650 # Login as a normal user
653 # Test the normal user
655 assert_response :success
656 assert_select "div#userinformation" do
657 assert_select "a[href^='/user/#{ERB::Util.u(user.display_name)}/history']", 1
658 assert_select "a[href='/traces/mine']", 1
659 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/diary']", 1
660 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/diary/comments']", 1
661 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/account']", 1
662 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/blocks']", 0
663 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/blocks_by']", 0
664 assert_select "a[href='/blocks/new/#{ERB::Util.u(user.display_name)}']", 0
667 # Friends should be visible as we're now logged in
668 assert_select "div#friends-container" do
669 assert_select "div.contact-activity", :count => 1
672 # Login as a moderator
673 session_for(create(:moderator_user))
675 # Test the normal user
677 assert_response :success
678 assert_select "div#userinformation" do
679 assert_select "a[href^='/user/#{ERB::Util.u(user.display_name)}/history']", 1
680 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/traces']", 1
681 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/diary']", 1
682 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/diary/comments']", 1
683 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/account']", 0
684 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/blocks']", 0
685 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/blocks_by']", 0
686 assert_select "a[href='/blocks/new/#{ERB::Util.u(user.display_name)}']", 1
690 # Test whether information about contributor terms is shown for users who haven't agreed
691 def test_terms_not_agreed
692 agreed_user = create(:user, :terms_agreed => 3.days.ago)
693 seen_user = create(:user, :terms_seen => true, :terms_agreed => nil)
694 not_seen_user = create(:user, :terms_seen => false, :terms_agreed => nil)
696 get user_path(agreed_user)
697 assert_response :success
698 assert_select "div#userinformation" do
699 assert_select "p", :count => 0, :text => /Contributor terms/
702 get user_path(seen_user)
703 assert_response :success
705 assert_select "div#userinformation" do
706 assert_select "p", :count => 1, :text => /Contributor terms/
707 assert_select "p", /Declined/
710 get user_path(not_seen_user)
711 assert_response :success
712 assert_select "div#userinformation" do
713 assert_select "p", :count => 1, :text => /Contributor terms/
714 assert_select "p", /Undecided/
721 # Try without logging in
722 post set_status_user_path(user), :params => { :status => "suspended" }
723 assert_response :forbidden
725 # Now try as a normal user
727 post set_status_user_path(user), :params => { :status => "suspended" }
728 assert_response :redirect
729 assert_redirected_to :controller => :errors, :action => :forbidden
731 # Finally try as an administrator
732 session_for(create(:administrator_user))
733 post set_status_user_path(user), :params => { :status => "suspended" }
734 assert_response :redirect
735 assert_redirected_to :action => :show, :display_name => user.display_name
736 assert_equal "suspended", User.find(user.id).status
740 user = create(:user, :home_lat => 12.1, :home_lon => 12.1, :description => "test")
742 # Try without logging in
743 delete user_path(user), :params => { :status => "suspended" }
744 assert_response :forbidden
746 # Now try as a normal user
748 delete user_path(user), :params => { :status => "suspended" }
749 assert_response :redirect
750 assert_redirected_to :controller => :errors, :action => :forbidden
752 # Finally try as an administrator
753 session_for(create(:administrator_user))
754 delete user_path(user), :params => { :status => "suspended" }
755 assert_response :redirect
756 assert_redirected_to :action => :show, :display_name => user.display_name
758 # Check that the user was deleted properly
760 assert_equal "user_#{user.id}", user.display_name
761 assert_equal "", user.description
762 assert_nil user.home_lat
763 assert_nil user.home_lon
764 assert_not user.avatar.attached?
765 assert_not user.email_valid
766 assert_nil user.new_email
767 assert_nil user.auth_provider
768 assert_nil user.auth_uid
769 assert_equal "deleted", user.status
774 moderator_user = create(:moderator_user)
775 administrator_user = create(:administrator_user)
776 _suspended_user = create(:user, :suspended)
777 _ip_user = create(:user, :creation_ip => "1.2.3.4")
779 # There are now 7 users - the five above, plus two extra "granters" for the
780 # moderator_user and administrator_user
781 assert_equal 7, User.count
783 # Shouldn't work when not logged in
785 assert_response :redirect
786 assert_redirected_to login_path(:referer => users_path)
790 # Shouldn't work when logged in as a normal user
792 assert_response :redirect
793 assert_redirected_to :controller => :errors, :action => :forbidden
795 session_for(moderator_user)
797 # Shouldn't work when logged in as a moderator
799 assert_response :redirect
800 assert_redirected_to :controller => :errors, :action => :forbidden
802 session_for(administrator_user)
804 # Note there is a header row, so all row counts are users + 1
805 # Should work when logged in as an administrator
807 assert_response :success
808 assert_template :index
809 assert_select "table#user_list tr", :count => 7 + 1
811 # Should be able to limit by status
812 get users_path, :params => { :status => "suspended" }
813 assert_response :success
814 assert_template :index
815 assert_select "table#user_list tr", :count => 1 + 1
817 # Should be able to limit by IP address
818 get users_path, :params => { :ip => "1.2.3.4" }
819 assert_response :success
820 assert_template :index
821 assert_select "table#user_list tr", :count => 1 + 1
824 def test_index_get_paginated
825 1.upto(100).each do |n|
826 User.create(:display_name => "extra_#{n}",
827 :email => "extra#{n}@example.com",
828 :pass_crypt => "extraextra")
831 session_for(create(:administrator_user))
833 # 100 examples, an administrator, and a granter for the admin.
834 assert_equal 102, User.count
837 assert_response :success
838 assert_template :index
839 assert_select "table#user_list tr", :count => 51
841 get users_path, :params => { :page => 2 }
842 assert_response :success
843 assert_template :index
844 assert_select "table#user_list tr", :count => 51
846 get users_path, :params => { :page => 3 }
847 assert_response :success
848 assert_template :index
849 assert_select "table#user_list tr", :count => 3
852 def test_index_post_confirm
853 inactive_user = create(:user, :pending)
854 suspended_user = create(:user, :suspended)
856 # Shouldn't work when not logged in
857 assert_no_difference "User.active.count" do
858 post users_path, :params => { :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 } }
860 assert_response :forbidden
862 assert_equal "pending", inactive_user.reload.status
863 assert_equal "suspended", suspended_user.reload.status
865 session_for(create(:user))
867 # Shouldn't work when logged in as a normal user
868 assert_no_difference "User.active.count" do
869 post users_path, :params => { :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 } }
871 assert_response :redirect
872 assert_redirected_to :controller => :errors, :action => :forbidden
873 assert_equal "pending", inactive_user.reload.status
874 assert_equal "suspended", suspended_user.reload.status
876 session_for(create(:moderator_user))
878 # Shouldn't work when logged in as a moderator
879 assert_no_difference "User.active.count" do
880 post users_path, :params => { :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 } }
882 assert_response :redirect
883 assert_redirected_to :controller => :errors, :action => :forbidden
884 assert_equal "pending", inactive_user.reload.status
885 assert_equal "suspended", suspended_user.reload.status
887 session_for(create(:administrator_user))
889 # Should work when logged in as an administrator
890 assert_difference "User.active.count", 2 do
891 post users_path, :params => { :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 } }
893 assert_response :redirect
894 assert_redirected_to :action => :index
895 assert_equal "confirmed", inactive_user.reload.status
896 assert_equal "confirmed", suspended_user.reload.status
899 def test_index_post_hide
900 normal_user = create(:user)
901 confirmed_user = create(:user, :confirmed)
903 # Shouldn't work when not logged in
904 assert_no_difference "User.active.count" do
905 post users_path, :params => { :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 } }
907 assert_response :forbidden
909 assert_equal "active", normal_user.reload.status
910 assert_equal "confirmed", confirmed_user.reload.status
912 session_for(create(:user))
914 # Shouldn't work when logged in as a normal user
915 assert_no_difference "User.active.count" do
916 post users_path, :params => { :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 } }
918 assert_response :redirect
919 assert_redirected_to :controller => :errors, :action => :forbidden
920 assert_equal "active", normal_user.reload.status
921 assert_equal "confirmed", confirmed_user.reload.status
923 session_for(create(:moderator_user))
925 # Shouldn't work when logged in as a moderator
926 assert_no_difference "User.active.count" do
927 post users_path, :params => { :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 } }
929 assert_response :redirect
930 assert_redirected_to :controller => :errors, :action => :forbidden
931 assert_equal "active", normal_user.reload.status
932 assert_equal "confirmed", confirmed_user.reload.status
934 session_for(create(:administrator_user))
936 # Should work when logged in as an administrator
937 assert_difference "User.active.count", -2 do
938 post users_path, :params => { :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 } }
940 assert_response :redirect
941 assert_redirected_to :action => :index
942 assert_equal "deleted", normal_user.reload.status
943 assert_equal "deleted", confirmed_user.reload.status